« List of all CVEs

CVE-2025-4598

Systemd-coredump: race condition that allows a local attacker to crash a suid program and gain read access to the resulting core dump

Published: 5/30/2025 Last updated: 1/22/2026 Reserved: 5/12/2025

A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version Score Severity Vector String
3.1 4.7 Medium CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Opam packages affected (30)

albatross cdrom conf-bpftool conf-libbpf conf-libudev conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes ocaml-systemd orun rawlink rawlink-eio rawlink-lwt restricted shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (31)

Product Vendor Version
Red Hat Discovery 2 Red Hat Snapdragon X65 5G Modem-RF System
Red Hat Discovery 2 Red Hat 5.0.2
Red Hat Discovery 2 Red Hat Snapdragon X75 5G Modem-RF System
Red Hat Insights proxy 1.5 Red Hat Snapdragon XR1 Platform
Red Hat Insights proxy 1.5 Red Hat 15.1(3)T2
Red Hat Enterprise Linux 7 Red Hat SSG2125P
Red Hat Enterprise Linux 9 Red Hat SXR1230P
Red Hat Enterprise Linux 10 Red Hat 15.1(1)T3
Red Hat Enterprise Linux 10 Red Hat Snapdragon XR2+ Gen 1 Platform
Red Hat Enterprise Linux 7 Red Hat 15.1(1)T
Red Hat Enterprise Linux 9 Red Hat 15.3(2)T
Red Hat Ceph Storage 7 Red Hat < 10.0.14393.7259
Red Hat Ceph Storage 7 Red Hat Snapdragon X55 5G Modem-RF System
Red Hat Ceph Storage 8 Red Hat Snapdragon X62 5G Modem-RF System
Red Hat Ceph Storage 8 Red Hat < 6.2.9200.25031
Red Hat OpenShift Container Platform 4 Red Hat 15.3(1)T3
Red Hat OpenShift Container Platform 4 Red Hat SXR2130
Red Hat Enterprise Linux 10 Red Hat SRV1H
Red Hat Enterprise Linux 10 Red Hat 15.1(1)T2
Red Hat OpenShift Container Platform 4 Red Hat 15.3(2)T2
Red Hat Enterprise Linux 9 Red Hat Snapdragon X5 LTE Modem
Red Hat Enterprise Linux 9 Red Hat Snapdragon X50 5G Modem-RF System
Red Hat Enterprise Linux 10 Red Hat SRV1M
Red Hat Enterprise Linux 7 Red Hat SW5100
Red Hat Enterprise Linux 8 Red Hat SW5100P
Red Hat OpenShift Container Platform 4 Red Hat SXR2250P
Red Hat Enterprise Linux 9 Red Hat 10.5.9
Red Hat Enterprise Linux 10 Red Hat 15.1(2)T2a
Red Hat Enterprise Linux 7 Red Hat 15.1(2)T2
Red Hat Enterprise Linux 8 Red Hat 15.1(2)T1
Snapdragon X35 5G Modem-RF System

References (32)